[wp-trac] [WordPress Trac] #37210: Update PHPMailer to 5.2.19

WordPress Trac noreply at wordpress.org
Wed Dec 28 08:17:59 UTC 2016

#37210: Update PHPMailer to 5.2.19
 Reporter:  MattyRob                 |       Owner:
     Type:  task (blessed)           |      Status:  new
 Priority:  normal                   |   Milestone:  4.7.1
Component:  External Libraries       |     Version:
 Severity:  critical                 |  Resolution:
 Keywords:  has-patch needs-testing  |     Focuses:
Changes (by dd32):

 * version:  4.6 =>
 * type:  enhancement => task (blessed)
 * milestone:  Awaiting Review => 4.7.1


 The WordPress Security team is aware of the PHPMailer issues. We've been
 in contact with the author and security researchers and discussing the

 Presently, '''WordPress Core (and as a result, anything utilising
 `wp_mail()`) are unaffected by the recent disclosures''', the
 vulnerabilities require the usage of a PHPMailer feature which WordPress &
 `wp_mail()` does not use. This applies to WordPress 4.7, 4.6.x, and all
 previous secure versions.
 ''A note on plugins: If plugins are correctly utilising `wp_mail()`
 they'll not be affected either, however, if a plugin is doing something
 wrong, the plugins team will be in contact with the plugin authors.''

 The upcoming 4.7.1 release will contain mitigation for these issues, we're
 committed to only shipping secure libraries with WordPress - regardless of
 whether we use the feature or not.
 We don't have any specific timing details to share at present, however the
 preparations for a 4.7.1 release was already underway when we learnt about
 the issues.

 @sebastian.pisula, @MattyRob, @sfpt - Thank you for the patches, and
 catching the hacks we've made and including them.

Ticket URL: <https://core.trac.wordpress.org/ticket/37210#comment:14>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list